Almost paralleling the explosion of investigations has been the proliferation of email as a convenient and immediate way for business people to communicate — and perhaps the most important prosecutorial tool to emerge in a generation. In investigation after investigation, the ‘smoking gun’, if there is one, is located in an email exchange.
Email creates an unsanitised, contemporaneous, often minute-by-minute record of business events and activities as well as the thoughts and actions of employees. Not only do emails record conduct as never before but the stroke of the delete key does not make them disappear forever.
Despite the virtual permanence of email, employees do not treat email with the same care they give to other documents. This lack of care can have unfortunate consequences when an inartfully-worded or hastily-written email emerges during the course of an investigation.
Regulators and prosecutors understand the significance of the email record and their expectations demand that companies preserve and (perhaps) ultimately produce emails. The importance of email is reflected by the fact that, in the US, the Federal Rules of Civil Procedure were recently amended to expressly include electronically-stored information as a standard part of discovery. Moreover, some laws, such as Sarbanes-Oxley, incorporate sanctions for failing to comply with electronic discovery obligations. This means that the treatment of emails is of critical importance for counsel and companies when conducting an internal investigation.
Understanding electronic dataAs an initial matter, dealing with email involves understanding the client’s electronic data system and how to access documents pertinent to the investigation. This includes learning about the company’s servers, electronic data back-up system and its recycling, as well as voicemail systems that are often linked with email systems. Accordingly, the client’s IT and computer support personnel should be engaged in the data collection process at an early stage of the investigation. The client’s IT personnel should be familiar with the servers used by the company as well as the storage and back-up systems. Often, IT personnel are the only employees who know how to locate and capture email and other electronic data, and are likely to play a prominent role in collecting and preserving data during the investigation.
Document preservation
As a practical matter, it is nearly impossible for a company to preserve all electronic data and email. Accordingly, companies should develop and implement a document retention policy. Such a policy describes a company’s standard operating procedure for purging material in the absence of litigation or an investigation. To ensure compliance with legal obligations, counsel should review document retention policies on a regular basis.
If and when the company is subject to an investigation, the document retention policy will likely need to be suspended to ensure the retention of relevant documents. To meet this obligation, at the outset of an investigation it is important to send a document preservation notice as a matter of course to employees who may have relevant documents.
A preservation notice mandates employee compliance with preservation efforts by describing the types of documents sought and instructing employees not to alter, delete or destroy relevant documents, including email. This includes ceasing automatic email deletion programs or instructing employees to store email in folders that will not be subject to automatic deletion. IT personnel often prove an invaluable resource by assisting counsel in determining and implementing a preservation strategy. For example, counsel and client may elect to freeze data in time by imaging pertinent hard drives and servers to decrease the risk of deletion and to help ensure electronic data exist in the future in the same state as they exist at the time the investigation begins. IT personnel also will be able to turn off automatic deletion functions and cease recycling of hard drives and back-up tapes.
Electronic document preservation includes ensuring that hard drives are adequately searched for responsive documents prior to recycling or making repairs or upgrades that could alter the drive. Regulators and prosecutors are well aware of the importance of email and are well versed in how to identify document destruction. Once an investigation begins, ensuring preservation of relevant email is of critical importance.
Experience demonstrates that employees are often tempted to delete emails that are perceived to be harmful to the company. Employees must understand that destroying a document can lead to far worse results than disclosing it. First, the document may not actually be harmful. Even if a document is damaging, counsel is in a better position to defend the company knowing the entire lie of the land — be it good or bad. Second, emails are usually retrievable even after they have been deleted from active computer files. Long-forgotten and deleted documents often are recoverable from computer hard drives through the use of computer forensics technology. Moreover, documents frequently exist in more than one place so a deleted document may be available from a different source, such as a server or alternative hard drive.
Often, the only thing worse than a bad email is a destroyed email. The discovery that documents such as emails have been deleted may give rise to sanctions and additional allegations. Laws such as Sarbanes-Oxley, which impact on European companies doing business on a US exchange, provide for criminal liability for the destruction of documents.
Such laws make clear that document destruction is a criminal act when it is intended to impede a pending or foreseeable government investigation. If document destruction is discovered, the government may file obstruction charges in addition to the charges related to the underlying wrongdoing. In a civil context, a frequent sanction for spoliation or the destruction of evidence is a presumption that the deleted material evidenced wrongdoing.
There is a pressing need in today’s corporate world for training sessions focusing on the appropriate use and misuse of emails. Simply printing off an email before it has been sent sometimes is enough to alert even the most harried employee that he or she should reconsider the views he or she is about to express. Company employees also need to be reminded that a personal computer, if provided by the company or used to send or receive business communications, is not personal. Whether stationary or portable, communications sent by or on behalf of the company, or received on company business, can be and often are demanded by law enforcement officials — even if the computer being used is located in the employee’s home. Further, BlackBerry-type communication equipment can be seized by government investigators under the same standards that apply to stationary and portable computers.
Emails are increasingly becoming the lynchpin of corporate investigations. Conducting a thorough investigation requires preserving and reviewing relevant emails to identify key players and to assess accurately a client’s potential risks. Making employees aware of the appropriate use and misuse of emails is urgently needed in companies, both large and small.
John Rupp is a partner and Christopher Denig a
